JP5267615B2 - Apparatus, access control method, access control program, and recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image forming apparatus, an access control method, an access control program, and a recording medium which enable easy and proper access control. <P>SOLUTION: There is provided an image forming apparatus with an interface to a portable recording medium which includes access control means for controlling access to individual resources stored in the image forming apparatus. The access control means controls access according to access control information stored in the portable recording medium which defines availability of the individual resources for a user. <P>COPYRIGHT: (C)2012,JPO&amp;INPIT

Description

The present invention relates to an apparatus, an access control method, a access control program and a recording medium, particularly apparatus having an interface to a portable recording medium, access control method, a access control program and a recording medium.

  Recent image forming apparatuses are capable of executing various applications, as represented by a device called a multi-function machine or a multi-function machine (hereinafter referred to as “multi-function machine”) (for example, Patent Document 1). . In addition, a relatively large-capacity storage device such as a hard disk is provided, and image data scanned at the time of copying or the like can be accumulated. In view of the fact that an image forming apparatus in an office or the like is used by a plurality of users, it is desired that security for these resources (applications, image data, etc.) is appropriately secured. That is, in order to protect these resources from malicious users, it is necessary to limit the operation authority for each resource according to the user. Further, even a bona fide user may want to limit the functions that can be used according to the user. For example, the cost (charge) required for copying differs between monochrome copying and color copying. Therefore, it is not desirable to permit the use of a color copy unconditionally from the viewpoint of cost saving. Therefore, for example, it is conceivable to restrict the use of color copies according to the user's job title.

  The function for realizing such control is called an access control function, and is generally realized by using access control information such as ACL (Access Control List) and policy data.

  Conventionally, access control information for an image forming apparatus has been centrally managed in a server computer connected via a network, or has been managed for each image forming apparatus. The former can be said to be an operation mode suitable for, for example, one hundred or more large-scale users. On the other hand, the latter can be said to be an operation mode suitable for, for example, several small users.

  However, for example, it is difficult for any medium-sized user of about several tens of units to operate. That is, the form of centralized management by the server computer has been questioned in terms of cost effectiveness, considering the introduction cost of the server computer. On the other hand, in the form of management for each image forming apparatus, there is a problem that maintenance work of access control information that can be frequently changed according to personnel changes or the like is required for each image forming apparatus, which is very complicated.

SUMMARY An advantage of some aspects of the invention is that it provides an apparatus , an access control method, an access control program, and a recording medium that can perform access control simply and appropriately.

Thus, in order to solve the above problems, the present invention is an apparatus that includes an interface to the record medium, for each of a plurality of resources that the system has, the access control information whether use by the user is defined recorded In response to detection of insertion of the recorded recording medium, detection means that enables input of an authentication screen displayed in a state where input is impossible on the display means, and a user based on authentication information input via the authentication screen Is authenticated, the determination means for determining the resource available to the user, and the display control means for causing the display means to display an operation screen related to the available resource .

In such an apparatus , access control can be performed simply and appropriately.

In order to solve the above problems, the present invention is an access control method in the apparatus, an access control program for executing the access control method in the apparatus, or may be a recording medium recording the access control program.

According to the present invention, it is possible to provide an apparatus , an access control method, an access control program, and a recording medium that can perform access control simply and appropriately.

It is a figure which shows the structural example at the time of the software execution of the compound machine in embodiment of this invention. It is a figure which shows the hardware structural example of the compound machine in embodiment of this invention. It is a figure showing an operation panel. It is a figure which shows the static arrangement | positioning structural example of the software utilized in the compound machine of 1st embodiment. It is a figure which shows the example of a definition of the policy data in embodiment of this invention. It is a flowchart for demonstrating the process sequence at the time of starting of the compound machine in 1st embodiment. It is a flowchart for demonstrating the process sequence of the compound machine at the time of utilizing a standard application in 1st embodiment. It is a figure which shows the example of the mechanism for detecting insertion of USB memory. It is a figure which shows the static arrangement | positioning structural example of the software utilized in the compound machine of 2nd embodiment. It is a flowchart for demonstrating the process sequence of the compound machine at the time of utilizing an SDK application in 2nd embodiment. It is a figure which shows the static arrangement | positioning structural example of the software utilized in the compound machine of 3rd embodiment. It is a flowchart for demonstrating the process sequence at the time of starting of the compound machine in 3rd embodiment. 14 is a flowchart for explaining a processing procedure of the multi-function apparatus when using a standard application when a USB memory is not inserted at the time of startup in the third embodiment. 12 is a flowchart for explaining a processing procedure of the multi-function peripheral when using a standard application when a USB memory is inserted at the time of startup in the third embodiment. It is a figure which shows the example of a filter structure of a copy application. It is a figure which shows the example of the filter structure of the ftp transfer application by scanning. It is a figure which shows the example of application level policy data. It is a figure which shows the example of the policy data of a filter level. It is a figure which shows the example of the policy data of a hardware resource level. It is a flowchart for demonstrating the determination process of the application which can be utilized in 4th embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a diagram illustrating a configuration example when executing software of a multi-function peripheral according to an embodiment of the present invention. The compound machine 101 shown in FIG. 1 includes various hardware 111 and various software 112.

  As the hardware 111 of the multi-function peripheral 101, there are an imaging unit 121, a printing unit 122, and other hardware 123. The imaging unit 121 is hardware for reading an image (image data) from a read original. The printing unit 122 is hardware for printing an image (image data) on printing paper.

  As the software 112 of the multi-function peripheral 101, there are various applications 131 and various platforms 132. These programs are executed in parallel on a process basis by an OS (Operating System) such as UNIX (registered trademark).

  The applications 131 include a copy application 141 that is a copy application, a printer application 142 that is a printer application, a scanner application 143 that is a scanner application, and a facsimile application 144 that is a facsimile application. Further, a web browser 146 that is web page browsing software, web server software 147 that is web page distribution software, and an SDK application service (SAS) that is software for controlling the CSDK application 181 and the JSDK application 182 148 exists. However, these applications are not necessarily installed in the ROM or hardware disk of the multi-function peripheral 101. In other words, the application may be read from a recording medium outside the multi-function peripheral 101 at the time of execution and started. In this sense, the configuration example of FIG. 1 does not show the configuration of the application that is regularly installed in the multi-function peripheral 101, but shows the configuration that can be realized as being expanded on the RAM when the application is executed. It is.

  Some applications 131 are developed and added by a user, a software vendor, or the like after shipment of the fusion machine 101 by using a dedicated SDK (software development kit) provided by the fusion machine 101. An application 131 developed using the SDK is called an SDK application. As the dedicated SDK, “CSDK” for developing the application 131 in C language and “JSDK” for developing the application 131 in Java (registered trademark) language are provided. An application 131 developed using CSDK is called a “CSDK application”, and an application 131 developed using JSDK is called a “JSDK application”. The MFP 101 in FIG. 1 also has a CSDK application 181 and a JSDK application 182. 1 further includes a JSDK platform 183 as software 112 that mediates between the JSDK application 182 written in the Java (registered trademark) language and the other software 112 written in the C language.

  The platform 132 includes various control services 151, a system resource manager 152, and various handlers 153. As the control service 151, there are an operation panel control service (OCS) 161, a certification control service (CCS) 162, and the like. As the handler 153, there are a facsimile control unit handler (FCUH) 171 and an image memory handler (IMH) 172.

  The process of the OCS 161 controls the operation panel. The process of the CCS 162 performs control related to authentication processing, access control, and accounting processing. In addition, as a control service 151 (not shown), for example, a process that mediates network communication, a process that provides a facsimile API, a process that performs control related to distribution processing of stored documents, and a control that relates to the imaging unit 121 and the printing unit 122 There are a process to be performed, a process to control the memory and the hard disk drive, a process to control user information management, a process to control system management, and the like.

  A virtual application service (VAS) 135 exists as software 112 that mediates between the application 131 and the platform 132. The VAS 135 operates as a server process using the application 131 as a client, and also operates as a client process using the platform 132 as a server. The VAS 135 has a wrapping function that hides the platform 132 when viewed from the application 131, and plays a role of absorbing version differences associated with version upgrades of the platform 132.

  FIG. 2 is a diagram illustrating a hardware configuration example of the multi-function peripheral according to the embodiment of the present invention. The hardware 111 of the multi-function peripheral 101 includes a CPU 211, an SD card slot 234, a USB device 242, a ROM 231a, a RAM 231b, an NVRAM 231c, an HDD 233, a NIC (network interface controller) 241, an operation panel 202, An imaging unit 121, a printing unit 122, and the like exist.

  The CPU 211 is an IC for various information processing. The SD card slot 234 is a slot for setting the SD card 235. The USB device 242 is a device for providing a USB standard connection terminal to which a USB memory 2422 is connected. The HDD 233 is a storage of the multifunction machine 101. The NIC 241 is a controller for network communication using a MAC address. The operation panel 202 is hardware (operation unit) for an operator to input to the multifunction machine 101 and hardware (display unit) for the operator to obtain an output from the multifunction machine 101.

  As shown in FIG. 3, the operation panel 202 includes a touch panel 311, a numeric keypad 312, a start button 313, a reset button 314, a function key 315, and an initial setting button 316. The touch panel 311 is hardware (touch operation unit) for inputting by a touch operation and hardware (screen display unit) for obtaining an output by screen display. The numeric keypad 312 is hardware for inputting numbers by operating keys (buttons). The start button 313 is hardware for performing a start operation by a button operation. The reset button 314 is hardware for performing a reset operation by a button operation. The function key 315 is hardware for displaying an operation screen by the CSDK application 181 or the JSDK application 182 by a key (button) operation. The initial setting button 316 is hardware for displaying an initial setting screen by button operation.

  FIG. 4 is a diagram illustrating an example of a static arrangement configuration of software used in the multi-function peripheral according to the first embodiment.

  FIG. 4 is a hardware configuration diagram in which only what is necessary in the following description is extracted from the hardware configuration diagram of FIG. Is shown.

  As shown in FIG. 4, in the first embodiment, the OS, various control services (CS) 151 (OCS 161, CCS 162, etc.), and the standard application 140 are stored in the ROM 231a. The SDK application 180 is stored in the SD card 235. The policy data 501a is stored in the USB memory 2422 which is an example of a portable recording medium.

  The standard application 140 is an application other than the SDK application among the applications 131, and includes a copy application 141, a printer application 142, a scanner application 143, a facsimile application 144, a network application 145, a web browser 146, and the like shown in FIG. And Web server software 147 and the like.

  The policy data 501a is data in which access control information for various resources (software resources and hardware resources) of the multi-function peripheral 101 is defined. The definition format of the policy data 501a is not limited to a predetermined one, but in this embodiment (including not only the first embodiment but also the following embodiments), the one shown in FIG. 5 is used.

  FIG. 5 is a diagram showing a definition example of policy data in the embodiment of the present invention. In the policy data 501 of FIG. 5, the user authority (execution right) for each application (standard application 140, SDK application 180, etc.) provided to the user or for each processing unit constituting the application in the multi-function peripheral 101. (X), read right (r), write right (w)) are defined. Note that “provided to the user” means that the user directly operates.

  For example, user1 can execute (x) the operation of the copy application 141 from the first line. Also, from the fourth line, image data can be read (r) from the original by color scanning during copying. Also, from the fifth line, image data can be written on the printing paper by color printing at the time of copying (w).

  In FIG. 5, reference numerals 2422-n (n is 1 to 5) indicate different USB memories 2422, respectively. For example, policy data 501-1a of user1 is stored in the USB memory 2422-1. The USB memory 2422-2 stores user2 policy data 501-2a. The other USB memory 2422-n also stores policy data 501-na (n is 1 to 5) for one user.

  That is, in FIG. 4, the policy data 501 that has been centrally managed in the NVRAM 231c or HDD 233 of the MFP 101 or a server computer connected to the MFP 101 via the network is a portable recording medium. It is characterized in that it is stored in a certain USB memory 2422 for each user. However, part or all of the policy data 501 may be stored in the NVRAM 213c. From this viewpoint (meaning that the policy data 501 does not necessarily exist in the NVRAM 231c), the policy data 501b in the NVRAM 231c is expressed by a broken line.

  The definition contents of the policy data 501a and the policy data 501b may or may not overlap. In other words, when policy 1 is defined for user 1 to user 9 in policy data 501a, policy data 501b may be defined for users after user 10 or may be defined for users after user 5. Hereinafter, the policy data 501a and the policy data 501b are referred to as policy data 501 unless otherwise distinguished.

  Hereinafter, a processing procedure of the multi-function peripheral 101 in the first embodiment will be described. FIG. 6 is a flowchart for explaining a processing procedure when the multi-function apparatus is activated in the first embodiment.

  When the main power of the multi-function peripheral 101 is turned on by the user (S101), the CPU 211 is activated (S102). The CPU 211 reads the bootstrap from the ROM 231a (S103), recognizes the file system of the ROM 231a, and reads the boot sector (S104). Subsequently, the CPU 211 loads the kernel of the UNIX (registered trademark) OS, and starts the UNIX (registered trademark) system (S105). Subsequently, a root process (process corresponding to the init process) in the OS starts a predetermined process as a child process (S106). For example, various control services in the CS 151 are loaded from the ROM 231a and activated (S107).

  Subsequently, in the CS 151, the CCS 162 responsible for the authentication function and the access control function occupies the display control of the touch panel 311 in the operation panel 202, and causes the touch panel 311 to display the authentication screen in gray out (S108). Here, the authentication screen refers to a screen for allowing the user to input authentication information (for example, a user ID and a password).

  Subsequently, the CPU 211 loads and activates the standard application 140 from the ROM 231a (S109). Here, the standard application 140 tries to display an initial screen for operating the standard application 140 on the touch panel 311, but since the touch panel 311 is occupied by the CCS 162, the authentication screen is displayed and the MFP is displayed. 101 enters a standby state. However, since the authentication screen is grayed out, the user cannot input authentication information and cannot use various resources of the multi-function peripheral 101.

  Next, a processing procedure performed by the multifunction peripheral 101 when the user uses the standard application 140 of the multifunction peripheral 101 will be described. FIG. 7 is a flowchart for explaining the processing procedure of the multi-function peripheral when using the standard application in the first embodiment.

  When the user using the multi-function peripheral 101 inserts (connects) the USB memory 2422 storing the policy data 501 a into the USB device 242 of the multi-function peripheral 101 (S 151), the CCS 162 of the multi-function peripheral 101 stores the USB memory 2422 in the USB memory 2422. Insertion (connection) is detected (S152).

  FIG. 8 is a diagram illustrating an example of a mechanism for detecting insertion of a USB memory. As shown in FIG. 8, when the USB memory 2422 is inserted into the USB device 242 (S501), the USB driver 2423 in the OS notifies the usbhd (USB hardware daemon) 2424 to that effect. The usbhd 2424 is a daemon process that automatically mounts and unmounts the USB memory, monitors connection of the USB memory, activates an application stored in the USB memory, and operates in the same layer as the various control services 151.

  The usbhd 2424 notifies the module linking the umass library that the USB memory 2422 has been inserted. Therefore, in order for the CCS 162 to receive a notification that the USB memory 2422 has been inserted, the CCS 162 needs to link the umass library (S503). Thereafter, the CCS 162 confirms whether preparation for accessing the USB memory 2422 via the USB driver 2423 is completed (S504).

  When the CCS 162 detects the insertion of the USB memory 2422, the CCS 162 cancels the gray out of the authentication screen and enables the authentication screen to be input (S153). Therefore, when the user inputs authentication information on the authentication screen (S154), the CCS 162 authenticates the user based on the input authentication information (S155).

  When the user is authenticated (Yes in S155), the CCS 162 acquires the policy data 501a from the inserted USB memory 2422 and expands it on the RAM 231b (S156). When the policy data 501b is stored in the NVRAM 231c, the CCS 162 acquires the policy data 501b and expands it on the RAM 231b.

  Subsequently, the CCS 162 determines the standard application 140 that can be operated by the current user based on the policy data 501 developed on the RAM 231c by the above-described mechanism (S157). For example, if the current user is “user1”, it is determined that the copy application 141 and the scanner application 143 can be operated based on the policy data 501-1a in FIG. If the policy data 501b is stored in the NVRAM 231c, and there is an overlap between the definition content of the policy data 501b and the definition content of the policy data 501a in the USB memory 2422, The definition is applied with priority.

  Subsequently, the standard application 140 that is determined to be operable by the current user displays the operation screen of the application on the touch panel 311 (S158). When there are a plurality of standard applications 140 that are determined to be operable, it may be determined in advance which application's operation screen is displayed. Further, instead of displaying the operation screen of the specific application in step S158, a screen for selecting the application to be used is displayed, and the operation screen of the application selected by the user is displayed on the screen. Good. Here, a case where the copy application 141 displays an operation screen of the copy application 141 is taken as an example.

  Subsequently, the user sets a document on, for example, an ADF (automatic document feeder) of the multi-function peripheral 101, and performs a color copy function (scans the document in color and stores the scanned image via the operation panel 202, It is assumed that execution of a function for outputting to printing paper is instructed (S159). In this case, first, the copy application 141 confirms whether or not the current user has the authority to read image data (r) by “color scanning by copying” (S160). More specifically, the copy application 141 inquires of the CCS 162 whether or not the current user has the authority. The CCS 162 confirms the presence / absence of the authority based on the policy data 501 expanded in the RAM 231b, and returns the confirmation result to the copy application 141. For example, when the current user is “user1”, since the authority is granted, it is determined that the authority is present.

  If the current user does not have the authority (No in S160), the copy application 141 ends the process as an application (S166). As a result, the display on the touch panel 311 returns to the operation screen of the copy application 141.

  On the other hand, when the current user has the authority, the copy application 141 causes the imaging unit 121 to perform color scanning (S161).

  Subsequently, the copy application 141 makes an inquiry to the CCS 162 in the same manner as in step S160, thereby confirming whether or not the current user has the right to write image data (w) by “image accumulation by copying” (S162). When the current user has the authority (Yes in S162), the copy application 141 stores image data scanned from the document in the USB memory 2422 (S163).

  Incidentally, the storage destination of image data scanned at the time of copying is the HDD 233 in the past, including a temporary case. However, considering the case where a confidential document or the like is copied, there is a problem from the viewpoint of security that image data is stored in the HDD 233. That is, since the multi-function peripheral 101 can be accessed by a large number of users, it is not so difficult to refer to the HDD 233 of the multi-function peripheral 101 or to take out the HDD 233 itself.

  Therefore, the copy application 141 of the multi-function peripheral 101 according to the present embodiment stores image data in the USB memory 2422. For example, if the USB memory 2422 is distributed to each user, the image data scanned at the time of copying by a certain user is stored in the USB memory 2422 of the user, so that the other user can refer to the image data. Can be prevented.

  On the other hand, if the current user is not authorized to write image data by “accumulate image by copying” (No in S162), the image data is not stored in the USB memory 2422.

  Progressing to step S164 following step S162 or S163, the copy application 141 confirms whether or not the current user has the right to write image data (w) by “color printing by copying” by making an inquiry to the CCS 162 as in step S160. To do.

  If the current user does not have the authority (No in S164), the copy application 141 ends the process as an application (S166). As a result, the display on the touch panel 311 returns to the operation screen of the copy application 141. On the other hand, when the current user has the authority, the copy application 141 causes the printing unit 122 to perform color printing of the scanned image data, and ends the processing (S165). As a result, the display on the touch panel 311 returns to the operation screen of the copy application 141.

  If the USB memory 2422 is removed during the process of FIG. 7, the CCS 162 is notified of this, and the subsequent processes are stopped. In that case, the CCS 162 displays the authentication screen grayed out in the touch panel 311 as in the standby state after activation. That is, in order to use the multi-function peripheral 101, the USB memory 2422 must be inserted.

  As described above, according to the MFP 101 in the first embodiment, access control can be performed using the policy data 501 a stored in the USB memory 2422. Therefore, for example, if the USB memory 2422 is distributed to each of the users who are permitted to operate the multi-function peripheral 101, a recording medium in the multi-function peripheral 101 or a server computer connected to the multi-function peripheral 101 via a network. There is no need to manage the policy data 501. Therefore, it is possible to further reduce the trouble of performing maintenance work for each MFP 101, the cost for introducing the server computer, and the like. In addition, the USB memory 2422 distributed for each user stores access control information related only to the user. Therefore, the independence of the policy data 501a in each user's USB memory 2422 can be increased, and even if the access control information of other users changes, the other user's other USB memory 2422 There is no need to change the policy data 501a, and the maintenance work related to the access control information can be further simplified.

  For example, the USB memory 2422 may be distributed not in units of users but in groups of a plurality of users. In such a case, the policy data 501a in the USB memory 2422 may store the policy data for the group or the policy data of each user constituting the group.

  Next, a second embodiment will be described. FIG. 9 is a diagram illustrating a static arrangement configuration example of software used in the multi-function peripheral according to the second embodiment. 9, parts that are the same as the parts shown in FIG. 4 are given the same reference numerals, and explanation thereof is omitted. 9 is different from FIG. 4 in the storage location of the SDK application 180. That is, in FIG. 9, the SDK application 180 is stored not in the SD card 235 but in the USB memory 2422.

  The processing procedure of the multi-function peripheral 101 in the second embodiment will be described below. In the second embodiment, the processing procedure at the start-up of the multi-function peripheral 101 is the same as that in the first embodiment (FIG. 6), and the description thereof is omitted here.

  In the second embodiment, a processing procedure performed by the multi-function peripheral 101 when the user uses the SDK application 180 will be described. FIG. 10 is a flowchart for explaining the processing procedure of the multi-function peripheral when using the SDK application in the second embodiment. In FIG. 10, the same steps as those in FIG. That is, in FIG. 10, steps S151 to S158 are the same as those in the first embodiment.

  Progressing to step S259 following step S158, when the user instructs display of the operation screen of the SDK application 180 by operating the function key 315 of the operation panel 202, the CCS 162 displays the current user based on the policy data 501. The SDK application 180 that can be operated is determined (S260). Although only the definition for the standard application 140 is displayed in FIG. 5, the definition for the SDK application 180 may be performed in the policy data 501 in the same manner.

  Subsequently, the OCS 161 displays on the touch panel 311 a screen for operating the SDK application 180 determined to be operable by the CCS 162 (for example, a screen showing a list of the SDK applications 180 that can be operated by the current user). (S261). When the user instructs execution of an arbitrary SDK application 180 on the displayed screen (S262), the usbhd 2424 loads the SDK application 180 from the USB memory 2422 (S263) and starts as a process (S264).

  As described above, according to the multi-function apparatus 101 in the second embodiment, the SDK application 180 stored in the USB memory 2422 can be executed. Therefore, for example, if the policy data 501a corresponding to the user and the USB memory 2422 storing the SDK application 180 usable by the user are distributed to each user, the improper use of the SDK application 180 due to impersonation. Effective execution can be effectively prevented. That is, even if authentication information such as a password is stolen, if the USB memory 2422 storing the SDK application 180 cannot be obtained, the SDK application 180 cannot be loaded into the MFP 101 in the first place. .

  When the USB memory 2422 is distributed for each user or group, in order to more effectively prevent unauthorized use of the SDK application 180 by an unauthorized user, only the SDK application 180 that can be used by the user or group. May be stored in the USB memory 2422. In this case, the CCS 162 may determine that the SDK application 180 stored in the USB memory 2422 can be used regardless of the definition of the policy data 501.

  Next, a third embodiment will be described. FIG. 11 is a diagram illustrating a static arrangement configuration example of software used in the multi-function peripheral according to the third embodiment. In FIG. 11, the same parts as those of FIG. 9 are denoted by the same reference numerals, and the description thereof is omitted. 11 differs from FIG. 9 in the storage location of the standard application 140. That is, in FIG. 11, the standard application 140 is stored in the USB memory 2422 instead of the ROM 231a.

  Hereinafter, a processing procedure of the multi-function peripheral 101 according to the third embodiment will be described. FIG. 12 is a flowchart for explaining a processing procedure at the time of activation of the multi-function apparatus according to the third embodiment. In FIG. 12, the same steps as those in FIG. 6 are denoted by the same step numbers, and the description thereof is omitted.

  Progressing to step S308 following step S107, the CCS 162 confirms whether or not the USB memory 2422 is already inserted into the USB device 242 via the USB driver 2423. This process takes into consideration that the user may insert the USB memory 2422 in advance when the power of the multi-function peripheral 101 is turned on.

  When the USB memory 2422 is not inserted (No in S308), the CCS 162 occupies the display control of the touch panel 311 in the operation panel 202 and causes the touch panel 311 to display the authentication screen in gray out (S312). The compound machine 101 stands by in this state.

  On the other hand, when the USB memory 2422 is already inserted (Yes in S308), the CCS 162 occupies the display control of the touch panel 311 in the operation panel 202 and displays the authentication screen on the touch panel 311 in a state where it can be input (S309). ). Subsequently, the usbhd 2424 loads the standard application 140 from the USB memory 2422 (S310) and starts as a process (S311). The compound machine 101 stands by in this state.

  Next, a processing procedure performed by the multi-function peripheral 101 when the user uses the standard application 140 will be described. FIG. 13 is a flowchart for explaining the processing procedure of the multi-function apparatus when using the standard application when the USB memory is not inserted at the time of startup in the third embodiment. That is, the processing of FIG. 13 shows the processing procedure when the multi-function peripheral 101 is in a standby state after executing step S312 in FIG. In FIG. 13, the same steps as those in FIG. 7 are denoted by the same step numbers, and the description thereof is omitted.

  In FIG. 13, step S357-1 and step S357-2 are newly added between step S157 and step S158.

  That is, the usbhd 2424 loads the standard application 140 that can be operated by the current user, determined in step S157, from the USB memory 2422 (S357-1), and activates the loaded standard application 140 as a process (S357-2). . Other processes are the same as those in the first embodiment.

  FIG. 14 is a flowchart for explaining the processing procedure of the multi-function apparatus when using the standard application when the USB memory is inserted at the time of startup in the third embodiment. That is, the processing of FIG. 14 shows a processing procedure in the case where the multi-function peripheral 101 is in a standby state after the standard application 140 is activated in step S311 in FIG. In FIG. 14, the same steps as those in FIG. 7 are denoted by the same step numbers, and the description thereof is omitted.

  The processing procedure in FIG. 14 is the same as that in which steps S151 to S153 are deleted from the processing procedure in FIG. That is, in FIG. 14, the USB memory 2422 is already inserted when the multi-function peripheral 101 is activated, and the authentication screen is ready for input. Furthermore, the standard application 140 loaded from the USB memory 2422 has already been activated. Therefore, if the user inputs authentication information (S154) and is authenticated (Yes in S155), the standard application 140 (copy application 141) can be executed in the same procedure as in the first embodiment.

  As described above, according to the MFP 101 in the third embodiment, the standard application 140 stored in the USB memory 2422 can be executed. Therefore, for example, if the policy data 501a corresponding to the user and the USB memory 2422 storing the standard application 140 that can be used by the user are distributed to each user, improper use of the standard application 140 due to impersonation Effective execution can be effectively prevented.

  In addition, since the necessity of storing the standard application 140 in the ROM 231a is reduced, the memory consumption of the ROM 231a can be reduced.

  When the USB memory 2422 is distributed for each user or group, in order to more effectively prevent unauthorized use of the standard application 140 by an unauthorized user, only the standard application 140 that can be used by the user or group. May be stored in the USB memory 2422. In this case, the CCS 162 may determine that the standard application 140 stored in the USB memory 2422 can be used regardless of the definition of the policy data 501.

  Next, a fourth embodiment will be described. The fourth embodiment considers access control when an application (SDK application 180, standard application 140, etc.) operable in the multi-function peripheral 101 is constructed with an architecture called “pipe & filter”. Here, the filter refers to a program that is a component (functional module) constituting an application. In an architecture called “Pipe & Filter”, an application is configured by the connection of filters. A medium connecting the filters is called a pipe. The pipe is a virtual transmission medium for inputting information output from a filter executed first to a filter executed next. The pipe is realized by a memory space provided by, for example, a hard disk, a RAM, or a USB memory.

  For example, FIG. 15 is a diagram illustrating an example of a filter configuration of a copy application. In FIG. 15, the copy application 141 is configured by connecting a scan filter 191 and a print filter 192. The scan filter 191 outputs image data read from the document by the imaging unit 121 to a pipe (for example, the USB memory 2422). When the print filter 192 detects input of image data to the pipe, the print filter 192 causes the printing unit 122 to print the image data. Accordingly, the copy function is realized by continuously performing the operations of the scan filter 191 and the print filter 192.

  FIG. 16 is a diagram illustrating an example of a filter configuration of an ftp transfer application by scanning. In FIG. 16, the ftp transfer application 1801 by scanning is configured by connecting a scan filter 191 and an ftp transfer filter 193. In FIG. 16, the same parts as those in FIG. 15 are denoted by the same reference numerals. Therefore, the scan filter 191 in FIG. 16 is the same as that in FIG. When the ftp transfer filter 193 detects the input of the image data to the pipe, the ftp transfer filter 193 transfers the image data to the ftp using the NIC 241.

  When the application of the MFP 101 is configured by pipes and filters, the policy data 501 defines usage authority at the application level, usage authority at the filter level, and usage authority at the hardware resource level. It is good to do.

  FIG. 17 is a diagram illustrating an example of application level policy data. In the policy data 501L1 of FIG. 17, availability of use is defined for each application such as a copy application, a scanner application, a scan ftp transfer application, and a scan mail transfer application. In the example of FIG. 17, user1 is permitted to use the copy application and the scan application.

  FIG. 18 is a diagram illustrating an example of filter level policy data. The policy data 501L2 in FIG. 18 defines whether or not each filter can be used, such as a scan filter, a print filter, an ftp transfer filter, and a mail transfer filter. In the example of FIG. 18, the user 1 is permitted to use the scan filter and the print filter.

  FIG. 19 is a diagram illustrating an example of policy data at a hardware resource level. The policy data 501L3 in FIG. 19 defines whether or not each hardware resource such as the imaging unit 121, the printing unit 122, the HDD 233, the NIC 241, and the USB memory 2422 can be used. In the example of FIG. 19, the user 1 is permitted to use the imaging unit 121, the printing unit 122, and the USB memory 2422.

  In the fourth embodiment, the policy data 510L1, 501L2, and 501L3 shown in FIGS. 17 to 19 are stored in the USB memory 2422 for each user as the policy data 501a in FIG.

  FIG. 20 is a flowchart for explaining a process for determining an application that can be used in the fourth embodiment. That is, FIG. 20 illustrates a process corresponding to the determination process for the operable standard application in step S157 in FIG. 7, FIG. 10, or FIG. 14, and the determination process for the operable SDK application in step S260 in FIG. To do. Accordingly, it is assumed that the policy data 501L1, 501L2, and 501L3 stored in the USB memory 2422 are expanded on the RAM 231b as a premise of the processing in FIG.

  First, based on the policy data 501L1 expanded on the RAM 231c, the CCS 162 determines whether or not an application that is a determination target (hereinafter referred to as “target application”) can be used (S401). If the use of the target application is permitted in the policy data 501L1 (Yes in S402), the CCS 162 determines whether or not each filter constituting the target application can be used based on the policy data 501L2 developed on the RAM 231c. (S403). The determination of each filter constituting the target application may be performed based on the information indicating the usage relationship between the application and the filter recorded in the HDD 233 or the like.

  In the policy data 501L2, when the use of all the filters constituting the target application is permitted (Yes in S404), the CCS 162 is used by each filter based on the policy data 501L3 expanded on the RAM 231c ( That is, it is determined whether or not each hardware resource (used by the target application) can be used (S405). The determination of the hardware resource used by each filter may be performed based on the information indicating the usage relationship between the filter and the hardware resource recorded in the HDD 233 or the like.

  In the policy data 501L3, when use of all hardware resources used by each filter is permitted (Yes in S406), the CCS 162 determines that the target application can be used (use of the target application). (S407).

  On the other hand, when the policy data 501L1 does not permit the use of the target application (No in S402), the policy data 501L2 does not permit the use of at least one of the filters constituting the target application (S404). No) or when the policy data 501L3 does not permit the use of at least one hardware resource among the hardware resources used by the target application (No in S406), the CCS 162 It is determined that it is impossible (use of the target application is prohibited) (S408).

  As described above, according to the fourth embodiment, for example, when a new application is created by a combination of existing filters, the access control information related to the new application is not defined in the policy data 501L1. In addition, access control for the application can be performed based on the policy data at the filter level (policy data 501L2) or the policy data at the hardware resource level (policy data 501L3). Further, when a new filter is created and installed in the multi-function peripheral 101, even if access control information related to the new filter is not defined in the policy data 501L2, the policy data (policy data 501L3) at the hardware resource level. ) On the basis of the access control to the filter.

  In the above description, the example in which the access control information is defined only as to whether or not use (operation) is possible has been described. However, for example, the access control information may be defined to permit use when a predetermined condition is satisfied. For example, the usage is permitted when a predetermined fee is paid, or the usage is permitted only in a predetermined time zone.

  In this embodiment, the USB memory has been described as an example of a portable recording medium. However, a portable recording medium for storing the policy data 501, the standard application 140, the SDK application 180, or the like is a USB recording medium. It is not limited to memory. For example, various recording media such as an SD card or an IC card can be applied.

  As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to the specific embodiment which concerns, In the range of the summary of this invention described in the claim, various deformation | transformation * It can be changed.

DESCRIPTION OF SYMBOLS 101 Compound machine 111 Hardware 112 Software 121 Image pick-up part 122 Printing part 123 Other hardware 131 Application 132 Platform 133 Application program interface 134 Engine interface 135 Virtual application service 140 Standard application 141 Copy application 142 Printer application 143 Scanner application 144 Fax application 144 Web browser 147 Web server software 148 SDK application service 151 Control service 152 System resource manager 153 Handler 161 Operation panel control service 162 Certification control service 171 Facsimile control unit C 172 Image memory handler 180 SDK application 181 CSDK application 182 JSDK application 183 JSDK platform 191 Scan filter 192 Print filter 193 ftp transfer filter 202 Operation panel 211 CPU
233 HDD
234 SD card slot 235 SD card 241 NIC
242 USB device 311 Touch panel 312 Numeric keypad 313 Start button 314 Reset button 315 Function key 316 Initial setting button 501, 501a, 501b Policy data 2422 USB memory 2423 USB driver 2424 usbhd

JP 2005-269619 A

Claims (4)

A device having an interface to a recording medium,
A recording medium on which access control information in which whether or not a specific user can use is defined is recorded for each application program of the device, for each component program constituting the application program, or for each hardware resource of the device . In response to detection of insertion, detection means that enables input of an authentication screen displayed in a state where input is impossible on the display means,
Determination means for determining, when the user is authenticated based on the authentication information input via the authentication screen, the application program available to the user based on the access control information ;
Display for displaying an operation screen of a specific application program among the available application programs or a screen for selecting an application program to be used from the available application programs on the display means following the authentication screen. And a control means. An access control method executed by a device having an interface to a recording medium,
A recording medium on which access control information in which whether or not a specific user can use is defined is recorded for each application program of the device, for each component program constituting the application program, or for each hardware resource of the device . In accordance with detection of insertion, a detection procedure that enables input of an authentication screen displayed in a state where input is impossible on the display means,
A determination procedure for determining an application program available to the user based on the access control information when the user is authenticated based on the authentication information input via the authentication screen;
Display for displaying an operation screen of a specific application program among the available application programs or a screen for selecting an application program to be used from the available application programs on the display means following the authentication screen. An access control method comprising a control procedure. An access control program for causing a computer to execute the access control method according to claim 2 . A computer-readable recording medium on which the access control program according to claim 3 is recorded.

Images